Re: [Phpgroupware-developers] force users to change password ?

phpgroupware-developers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Phpgroupware-developers] force users to change password ?

From:	Brian Johnson
Subject:	Re: [Phpgroupware-developers] force users to change password ?
Date:	Tue, 05 Apr 2005 13:40:22 +0000

I use ldap for shell, email, phpgw, and samba accounts so that each user has
one password that works for all those systems and I mod'd phpgw to allow them
to change them all at once through the phpgw change password screen.

I would like to modify phpgw to do password checks on the change so that a
simple password is not accepted .. however I haven't done that yet and the
only way I know of to do it creates another dependancy for libraries on the
server which may not sit well with everyone

I decided to implement a password change system that "encouraged" users to
change their password instead of "requiring" them to change it and wrote one
but haven't actually put it in place yet.

The problem with "requiring" them to change it was that access could be
through any of the above systems and they all have different abilities.  I
didn't want to write a passwd change utility (or require the existence of one
on the server).

Since I wasn't "requiring" a password change, I decided a daily cron job would
catch accounts even if not used for one or more days.  I did it in php since
it seemed easy.

What I did was check the last passwd change date and if it hasn't been changed
in a month, it emails the user with a nice email explaining the problems with
lax security and encouraging them to change their password.  It also contains
info about selecting a "good" password.

They can simply delete it, but they'll get an email every day until they
change it.

Prohiting access until it was changed would have involved interacting with
multiple system services that I didn't feel like doing.

The problem now is .. that I can't find the darn thing.

Maybe you can check the wiki while I search my server HD

Pascal Vilarem (address@hidden) wrote:
>
>
> Hi all,
>
> I've been asked to force phpgw users to change their passwords once a
> month... i didn't find something in phpgw to do that straight out of the
> box... so i guess i'll have to code a little bit.
>
> did someone there have to face such a demand ? are there special things
> i have to care about ? does this  little feature interest more people
> than just me ? (if yes i'll submit a patch)
>
> all advices and comments are welcome.
>
> Pascal.
>
>
> _______________________________________________
> Phpgroupware-developers mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/phpgroupware-developers
>
>

[Prev in Thread]

Current Thread

[Next in Thread]

[Phpgroupware-developers] force users to change password ?, Pascal Vilarem, 2005/04/05
- Re: [Phpgroupware-developers] force users to change password ?, Brian Johnson <=
  - Re: [Phpgroupware-developers] force users to change password ?, Pascal Vilarem, 2005/04/05
- Re: [Phpgroupware-developers] force users to change password ?, Brian Johnson, 2005/04/06
  - Re: [Phpgroupware-developers] force users to change password ?, Pascal Vilarem, 2005/04/06

Prev by Date: [Phpgroupware-developers] force users to change password ?
Next by Date: Re: [Phpgroupware-developers] force users to change password ?
Previous by thread: [Phpgroupware-developers] force users to change password ?
Next by thread: Re: [Phpgroupware-developers] force users to change password ?
Index(es):
- Date
- Thread